Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

SMBs Struggle to Rein in Data Leakage to Cloud, Study Finds

Workers have used unapproved cloud services without informing their IT departments in more than 80 percent of small and midsize businesses, according to a Spiceworks survey.

Small and medium-size businesses have major problems in managing their use of cloud applications, according to a survey published on Oct. 12 by Spiceworks, a community for information technology workers.

The survey of 338 IT managers found that more than 80 percent of the technology professionals had end users who had "gone behind their backs to set up unapproved cloud services." Almost all of those surveyed thought the security of specific cloud services should be taken into account before allowing employees to use them.

"I think a lot of times, everyone is used to using consumer-level products, which are not inherently bad, but they can be dangerous," Peter Tsai, IT analyst for Spiceworks, told eWEEK. "IT does not have direct control over who sees what and when, so you are putting sensitive information out there in the wild."

The problem of unauthorized cloud services shows that the issue of "shadow IT"—unvetted and unapproved technology—continues to undermine the security of businesses. Shadow IT used to describe an unapproved wireless router or server set up by employees to help them work, but with the advent of the cloud, the problem has moved online.

Further reading

The IT professionals worried most about cloud storage services and web-based email services, with 35 percent warning that the former, and 27 percent that the latter, were vulnerable to attack. Messaging services and financial applications are the greatest concerns for 9 percent and 8 percent of IT professionals, respectively, according to the survey.

Much of the problem for SMBs is that IT departments at the companies tend to be, unsurprisingly, smaller. IT staff at such firms typically struggle to keep systems up and running, and security often takes a back seat, Tsai said.

"An IT department of one is not that uncommon," he said. "They have to keep the lights on, keep systems running and configure cloud services."

The shortage of staff shows. While 61 percent of IT professionals said that their company adequately invests in data security, less than half conduct regular security audits of their systems and only 28 percent are trying to improve data security.

IT professionals can take some basic, low-cost steps to reduce the use of shadow cloud services, Tsai said. Training can teach workers the dangers of using unapproved services, and establishing a policy can act as a guidepost for employees, he said.

"Just having a policy and reviewing your policy to make sure that [the use of cloud services] is covered is a good step," he said. "Then, people know they have a course of action and that they actually have rules to follow."

Finally, companies should review the cloud services that workers want to use, which can remove the primary reason that employees circumvent security policy, he said.